unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-1878
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some informat CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:15 +0000 UTC Push: 2023-02-04 01:42:17 +0000 UTC
Live-Hack-CVE/CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being u CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:34 +0000 UTC Push: 2023-02-03 23:30:36 +0000 UTC
Live-Hack-CVE/CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to c CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:28 +0000 UTC Push: 2023-02-03 23:30:31 +0000 UTC
Live-Hack-CVE/CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS conne CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:23 +0000 UTC Push: 2023-02-03 23:30:25 +0000 UTC
Live-Hack-CVE/CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CV CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:19 +0000 UTC Push: 2023-02-03 23:30:22 +0000 UTC
Live-Hack-CVE/CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected b CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:15 +0000 UTC Push: 2023-02-03 23:30:18 +0000 UTC
Live-Hack-CVE/CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupp CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:11 +0000 UTC Push: 2023-02-03 23:30:13 +0000 UTC
Live-Hack-CVE/CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:07 +0000 UTC Push: 2023-02-03 23:30:10 +0000 UTC
Live-Hack-CVE/CVE-2019-4210
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:03 +0000 UTC Push: 2023-02-03 23:30:05 +0000 UTC
Live-Hack-CVE/CVE-2019-7307
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:59 +0000 UTC Push: 2023-02-03 23:30:02 +0000 UTC
Live-Hack-CVE/CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:55 +0000 UTC Push: 2023-02-03 23:29:58 +0000 UTC
Live-Hack-CVE/CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:52 +0000 UTC Push: 2023-02-03 23:29:54 +0000 UTC
Live-Hack-CVE/CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:48 +0000 UTC Push: 2023-02-03 23:29:50 +0000 UTC
Live-Hack-CVE/CVE-2019-4207
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:42 +0000 UTC Push: 2023-02-03 23:29:44 +0000 UTC
Live-Hack-CVE/CVE-2019-4238
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:38 +0000 UTC Push: 2023-02-03 23:29:41 +0000 UTC
Live-Hack-CVE/CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:34 +0000 UTC Push: 2023-02-03 23:29:37 +0000 UTC
Live-Hack-CVE/CVE-2019-4208
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:31 +0000 UTC Push: 2023-02-03 23:29:33 +0000 UTC
Live-Hack-CVE/CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:23 +0000 UTC Push: 2023-02-03 23:29:26 +0000 UTC
Live-Hack-CVE/CVE-2023-0549
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initia CVE project by @Sn0wAlice
Create: 2023-02-03 21:16:28 +0000 UTC Push: 2023-02-03 21:16:30 +0000 UTC
Live-Hack-CVE/CVE-2023-25139
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buf CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:56 +0000 UTC Push: 2023-02-03 20:07:57 +0000 UTC